Lecture 7 

Congruences mod Primes, Order, Primitive Roots 

Continuation of Proof of Hensel's Lemma. By lemma,

$f(a + tp^j) \equiv f(a) + tp^j f'(a) \pmod{p^{j+1}}$

Now we want to have the right hand side $\equiv 0 \pmod{p^{j+1}}$.

$f(a) + tp^j f'(a) \equiv 0 \pmod{p^{j+1}} \iff t\, f'(a) + \dfrac{f(a)}{p^j} \equiv 0 \pmod p$

and this has a unique solution $t$ mod $p$ (since $f'(a) \not\equiv 0 \pmod p$).



Direct formula: start with a solution $a$ of $f(x) \equiv 0 \pmod p$, and we want a solution mod $p^k$. Set $a_1 = a$.

$a_{j+1} = a_j - f(a_j)\,\overline{f'(a)} \pmod{p^{j+1}}$

where $\overline{f'(a)}$ is an integer chosen once at the beginning of the algorithm, which only matters mod $p$. It's chosen such that $f'(a)\,\overline{f'(a)} \equiv 1 \pmod p$. Then $f(a_j) \equiv 0 \pmod{p^j}$ for $j \ge 1$ as long as $f'(a) \not\equiv 0 \pmod p$.

Eg. Solve the congruence $x^2 \equiv -1 \pmod{125}$. ($f(x) = x^2 + 1$, $f'(x) = 2x$.) Mod 5: $2^2 \equiv -1 \pmod 5$, so set $a = 2$. $f'(a) = 4 \equiv -1 \pmod 5$, so we can choose $\overline{f'(a)} = -1$.

$a_1 = 2 \pmod 5$

$a_2 = a_1 - f(a_1)\,\overline{f'(a)} \pmod{25} = 2 - (5)(-1) = 7 \pmod{25}$

$a_3 = a_2 - f(a_2)\,\overline{f'(a)} \pmod{125} = 7 - (50)(-1) = 57 \pmod{125}$
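The direct formula carried out in Python, as an added example that is not part of the lecture notes. It takes $f$ as a list of integer coefficients so that $f$ and $f'$ are evaluated exactly, picks the inverse $\overline{f'(a)}$ mod $p$ once at the start, and refuses to lift when $a$ is not a simple root mod $p$ (the case $f'(a) \equiv 0 \pmod p$, where the lemma gives no guarantee). Starting from $a = 2$ mod 5 for $x^2 + 1$ it reproduces the sequence 2, 7, 57 computed above; the function names are my own.

```python
# Hensel lifting via the "direct formula" of the notes. Added example, not code
# from the lecture. A polynomial is a list of integer coefficients, lowest
# degree first: [1, 0, 1] is x^2 + 1.

def poly_eval(coeffs, x):
    """Evaluate a polynomial at an integer x using Horner's rule."""
    result = 0
    for c in reversed(coeffs):
        result = result * x + c
    return result


def poly_deriv(coeffs):
    """Coefficient list of the formal derivative f'(x)."""
    return [i * c for i, c in enumerate(coeffs)][1:]


def can_lift(coeffs, a, p):
    """True iff a is a root of f mod p with f'(a) != 0 mod p (a simple root),
    which is exactly the hypothesis under which Hensel's lemma applies."""
    return (poly_eval(coeffs, a) % p == 0
            and poly_eval(poly_deriv(coeffs), a) % p != 0)


def hensel_lift(coeffs, a, p, k):
    """Return [a_1, ..., a_k] with a_j a root of f mod p^j and a_1 = a, using
        a_{j+1} = a_j - f(a_j) * inv   (mod p^{j+1}),
    where inv is an inverse of f'(a) mod p, chosen once at the start."""
    if not can_lift(coeffs, a, p):
        raise ValueError("need f(a) = 0 mod p and f'(a) != 0 mod p")
    inv = pow(poly_eval(poly_deriv(coeffs), a) % p, -1, p)  # inverse mod p
    lifts = [a % p]
    for j in range(1, k):
        modulus = p ** (j + 1)
        prev = lifts[-1]
        lifts.append((prev - poly_eval(coeffs, prev) * inv) % modulus)
    return lifts


def check_lifts(coeffs, lifts, p):
    """True iff f(a_j) = 0 mod p^j for every j, i.e. each lift is a genuine root."""
    return all(poly_eval(coeffs, a) % p ** (j + 1) == 0
               for j, a in enumerate(lifts))


if __name__ == "__main__":
    # x^2 + 1 = 0 mod 125, starting from the root 2 mod 5 as in the notes
    seq = hensel_lift([1, 0, 1], 2, 5, 3)
    print(seq, check_lifts([1, 0, 1], seq, 5))   # [2, 7, 57] True
```

Because the inverse is only needed mod $p$, `pow(4, -1, 5)` returns 4, which is the same choice as the $-1$ used above. Starting instead from the other root $a = 3$ mod 5 gives the lift 68 mod 125, and $57 + 68 = 125$, as expected for the two square roots of $-1$.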

Congruences to prime modulus: Assume that all the coefficients of $f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_0$ are reduced mod $p$ and also that $a_n \not\equiv 0 \pmod p$. By dividing out by $a_n$, we can assume that $f(x)$ is monic (i.e., highest coefficient is 1). We can also assume the degree $n$ of $f$ is less than $p$. If not, we can divide $f$ by $x^p - x$ to get

$f(x) = g(x)(x^p - x) + r(x)$ with $\deg(r(x)) < p$

$f(a) = g(a)(a^p - a) + r(a) \equiv r(a) \pmod p$ by Fermat

so the roots of $f(x)$ mod $p$ are the same as the roots of $r(x)$ mod $p$.
Theorem 28. A congruence $f(x) \equiv 0 \pmod p$ of degree $n$ has at most $n$ solutions.



Proof. (imitates the proof that a polynomial of degree $n$ has at most $n$ complex roots)

Induction on $n$: congruences of degree 0 and 1 have 0 and 1 solutions, trivially. Assume that it holds for degrees $< n$ ($n \ge 2$).

If it has no roots, then we're done. Otherwise, suppose it does have a root $a$. Dividing $f(x)$ by $x - a$, we get $g(x) \in \mathbb{Z}[x]$ and a constant $r$ such that $f(x) = g(x)(x - a) + r$. Now if we plug in $a$ we get $f(a) = (a - a)g(a) + r = r$, which means that $r = f(a)$ and $f(x) = (x - a)g(x) + f(a)$.

We know that $f(a) \equiv 0 \pmod p$. If $\beta$ is any other root of $f(x)$ then we plug $\beta$ into the equation to get $f(\beta) = (\beta - a)g(\beta) + f(a)$. Mod $p$ this reads $0 \equiv (\beta - a)g(\beta) \pmod p$. We also assume that $\beta \not\equiv a$, so $g(\beta) \equiv 0 \pmod p$.

So $\beta$ is a root of $g(x)$, i.e., a solution of $g(x) \equiv 0 \pmod p$. We know that $g(x)$ has degree $n - 1$, so by the induction hypothesis $g(x) \equiv 0 \pmod p$ has at most $n - 1$ solutions, which by including $a$ gives $f(x)$ at most $n$ solutions. ■

Corollary 29. If $a_n x^n + a_{n-1} x^{n-1} + \cdots + a_0 \equiv 0 \pmod p$ has more than $n$ solutions, then all $a_i \equiv 0 \pmod p$.

Theorem 30. Let $f(x) = x^n + a_{n-1} x^{n-1} + \cdots + a_0$. Then $f(x) \equiv 0 \pmod p$ has exactly $n$ distinct solutions if and only if $f(x)$ divides $x^p - x$ mod $p$. I.e., there exists $g(x) \in \mathbb{Z}[x]$ such that $f(x)g(x) \equiv x^p - x \pmod p$ as polynomials (all coefficients mod $p$).

Proof. Suppose $f(x)$ has $n$ solutions. Then $n \le p$ because there are only $p$ possible roots mod $p$ (i.e., $\deg(f) \le \deg(x^p - x)$). Divide $x^p - x$ by $f(x)$ to get

$x^p - x = f(x)g(x) + r(x), \qquad \deg(r) < \deg(f) = n$

Now note, if $a$ is a root of $f(x)$ mod $p$ then plug in to get

$a^p - a = f(a)g(a) + r(a) \equiv 0 \cdot g(a) + r(a) \equiv r(a) \pmod p$

and $a^p - a \equiv 0 \pmod p$ by Fermat, so $a$ must be a solution to $r(x) \equiv 0 \pmod p$. Since $f(x)$ has $n$ distinct roots, we see that $r(x) \equiv 0 \pmod p$ has $n$ distinct solutions. But $\deg(r) < n$. So by the corollary we must have $r(x) \equiv 0 \pmod p$ as a polynomial (each coefficient is $\equiv 0 \pmod p$). I.e.,

$x^p - x \equiv f(x)g(x) \pmod p$, and so $f(x)$ divides $x^p - x$.

Now suppose $f(x) \mid x^p - x \pmod p$. Write $x^p - x \equiv f(x)g(x) \pmod p$, where $f(x)$ is monic of degree $n$ and $g(x)$ is monic of degree $p - n$. We want to show that $f(x)$ has $n$ distinct solutions.

By the previous theorem, $g(x)$ has at most $p - n$ roots mod $p$. If $a \in \{0, 1, \ldots, p - 1\}$ is not a root of $g(x)$ mod $p$ then $a^p - a \equiv f(a)g(a) \pmod p$, which by Fermat is $\equiv 0$. Since $g(a) \not\equiv 0 \pmod p$, $f(a) \equiv 0 \pmod p$. So since there are at least $p - (p - n) = n$ such $a$, we see that $f(x)$ has at least $n$ distinct roots mod $p$. By the theorem, $f(x)$ has at most $n$ roots mod $p$, so $f(x)$ has exactly $n$ distinct roots mod $p$. ■

Corollary 31. If $d \mid p - 1$ then $x^d \equiv 1 \pmod p$ has exactly $d$ distinct solutions mod $p$.

Proof. $d \mid p - 1$, so $x^d - 1 \mid x^{p-1} - 1$ as polynomials: $p - 1 = kd$, so $x^{kd} - 1 = (x^d - 1)(x^{(k-1)d} + \cdots + x^d + 1)$. So $x^d - 1 \mid x(x^{p-1} - 1) = x^p - x$, and hence by Theorem 30, $x^d - 1$ has exactly $d$ solutions. ■

Corollary 32. Another proof of Wilson's Theorem.

Proof. Let $p$ be an odd prime. Let $f(x) = x(x - 1)(x - 2) \cdots (x - p + 1)$. This has degree $p$ and $p$ solutions mod $p$, so it must divide $x^p - x$ mod $p$. Both polynomials are monic of the same degree ($p$), so they must be equal mod $p$:

$x(x - 1) \cdots (x - (p - 1)) \equiv x^p - x \pmod p$

The coefficient of $x$ on the LHS is just $(-1)(-2) \cdots (-(p - 1)) = (-1)^{p-1}(p - 1)! = (p - 1)!$ since $p$ is odd, and so $(p - 1)! \equiv -1 \pmod p$ (the coefficient of $x$ on the RHS). ■

This tells us much more as well, e.g., $1 + 2 + \cdots + (p - 1) \equiv 0 \pmod p$ for $p > 3$, and $(1)(2) + (1)(3) + \cdots + (p - 1)(p - 2) \equiv 0 \pmod p$ for $p > 5$.

If we have a product $f(x) = (x - a_1) \cdots (x - a_n)$ then $f(x) = x^n - \sigma_1 x^{n-1} + \sigma_2 x^{n-2} - \cdots + (-1)^n \sigma_n$. The $\sigma_i$ are the elementary symmetric polynomials of the roots:

$\sigma_2 = \sum_{i < j} a_i a_j$

$\sigma_k = \sum (\text{all products of } k \text{ roots})$
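An added Python example, not code from the lecture, that carries Theorem 30, Corollary 31 and the Wilson computation above through on concrete primes. Polynomials mod $p$ are coefficient lists; long division by a monic $f$ tests whether $f \mid x^p - x$, a root count is compared against $\deg f$, and the expansion of $x(x-1)\cdots(x-(p-1))$ mod $p$ lets one read $(p-1)!$ and the elementary symmetric sums $\sigma_k$ off its coefficients. The function names are my own.

```python
# Polynomial arithmetic mod p for Theorem 30, Corollary 31 and Wilson's theorem.
# Added example, not code from the lecture. A polynomial is a list of
# coefficients, lowest degree first, each reduced mod p: [6, 0, 0, 1] is
# x^3 - 1 mod 7.

def trim(poly):
    """Drop leading zero coefficients (but keep [0] for the zero polynomial)."""
    while len(poly) > 1 and poly[-1] == 0:
        poly.pop()
    return poly


def poly_eval(poly, x, p):
    """Evaluate the polynomial at x, mod p (Horner's rule)."""
    result = 0
    for c in reversed(poly):
        result = (result * x + c) % p
    return result


def poly_mul(a, b, p):
    """Product of two polynomials with coefficients reduced mod p."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % p
    return trim(out)


def poly_divmod(num, den, p):
    """Long division num = quot * den + rem mod p, with deg(rem) < deg(den).
    The leading coefficient of den must be invertible mod p (e.g. den monic)."""
    rem = [c % p for c in num]
    den = trim([c % p for c in den])
    inv_lead = pow(den[-1], -1, p)
    quot = [0] * max(1, len(rem) - len(den) + 1)
    for i in range(len(rem) - len(den), -1, -1):
        coef = (rem[i + len(den) - 1] * inv_lead) % p
        quot[i] = coef
        if coef:
            for j, d in enumerate(den):
                rem[i + j] = (rem[i + j] - coef * d) % p
    return trim(quot), trim(rem)


def x_pow_p_minus_x(p):
    """The polynomial x^p - x mod p."""
    poly = [0] * (p + 1)
    poly[1] = p - 1          # coefficient of x is -1
    poly[p] = 1
    return poly


def x_d_minus_1(d, p):
    """The polynomial x^d - 1 mod p (Corollary 31)."""
    poly = [0] * (d + 1)
    poly[0] = p - 1
    poly[d] = 1
    return poly


def count_roots(poly, p):
    """Number of residues a in {0, ..., p-1} with poly(a) = 0 mod p."""
    return sum(1 for a in range(p) if poly_eval(poly, a, p) == 0)


def divides_x_pow_p_minus_x(f, p):
    """True iff f(x) divides x^p - x mod p (remainder of the division is 0)."""
    _, rem = poly_divmod(x_pow_p_minus_x(p), f, p)
    return rem == [0]


def theorem30_holds(f, p):
    """Theorem 30 for monic f: exactly deg f roots  <=>  f | x^p - x mod p."""
    return (count_roots(f, p) == len(f) - 1) == divides_x_pow_p_minus_x(f, p)


def product_of_linear_factors(p):
    """x(x - 1)(x - 2) ... (x - (p - 1)) expanded mod p (Corollary 32).
    Its coefficient of x is (-1)^(p-1) (p-1)!, and the coefficient of x^(p-k)
    is (-1)^k times the k-th elementary symmetric polynomial of 0, 1, ..., p-1."""
    poly = [1]
    for i in range(p):
        poly = poly_mul(poly, [(-i) % p, 1], p)   # multiply by (x - i)
    return poly


if __name__ == "__main__":
    p = 7
    print(poly_divmod(x_pow_p_minus_x(p), x_d_minus_1(3, p), p))  # x^4 + x, remainder 0
    print(count_roots(x_d_minus_1(3, p), p))                      # 3
    print(product_of_linear_factors(p) == x_pow_p_minus_x(p))     # True
```

For $p = 7$ the division of $x^7 - x$ by $x^3 - 1$ is exact with quotient $x^4 + x$, matching the three roots of $x^3 \equiv 1 \pmod 7$; $x^2 + 1$ has no roots mod 7 and leaves the remainder $-2x$, so both directions of Theorem 30 can be seen on one example.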

Question: We know by Euler that if $(n, 35) = 1$, then $n^{\phi(35)} = n^{24} \equiv 1 \pmod{35}$. Can 24 be replaced by something smaller? I.e., what's the smallest positive integer $N$ such that if $(n, 35) = 1$ then $n^N \equiv 1 \pmod{35}$?

(Definition) Order: If $(a, m) = 1$ and $h$ is the smallest positive integer such that $a^h \equiv 1 \pmod m$, then we say $h$ is the order of $a$ mod $m$. Written as $h = \mathrm{ord}_m(a)$.

Lemma 33. Let $h = \mathrm{ord}_m(a)$. The set of integers $k$ such that $a^k \equiv 1 \pmod m$ is exactly the set of multiples of $h$.

Proof. $a^{hq} = (a^h)^q \equiv 1^q = 1 \pmod m$. Suppose we have $k$ such that $a^k \equiv 1 \pmod m$. Want to show $h \mid k$. Write $k = hq + r$ where $0 \le r < h$. $1 \equiv a^k = a^{hq + r} = a^{hq} a^r \equiv 1 \cdot a^r = a^r \pmod m$, so $a^r \equiv 1 \pmod m$. But $r < h$. So if $r > 0$, this contradicts the minimality of $h$, which means that $r = 0$, and $k$ is a multiple of $h$. ■

Lemma 34. If $h = \mathrm{ord}_m(a)$ then $a^k$ has order $\dfrac{h}{(h, k)}$ mod $m$.

Proof.

$(a^k)^j \equiv 1 \pmod m \iff h \mid kj \iff \dfrac{h}{(h,k)} \,\Big|\, \dfrac{k}{(h,k)}\, j \iff \dfrac{h}{(h,k)} \,\Big|\, j$

(the last step because $\frac{h}{(h,k)}$ and $\frac{k}{(h,k)}$ are coprime). So the smallest such positive $j$ is $\dfrac{h}{(h,k)}$. ■

Lemma 35. If $a$ has order $h$ mod $m$ and $b$ has order $k$ mod $m$, and $(h, k) = 1$, then $ab$ has order $hk$ mod $m$.

Proof. We know

$(ab)^{hk} = (a^h)^k (b^k)^h \equiv 1 \pmod m$

Conversely suppose that $r = \mathrm{ord}_m(ab)$.

$(ab)^r \equiv 1 \pmod m$

$(ab)^{rh} \equiv 1 \pmod m$

$(a^h)^r\, b^{rh} \equiv 1 \pmod m$

$b^{rh} \equiv 1 \pmod m$

so $k \mid rh \Rightarrow k \mid r$ (since $(k, h) = 1$), and similarly $h \mid r$. So $hk \mid r$, and so $hk = \mathrm{ord}_m(ab)$. ■

(Definition) Primitive Root: If $a$ has order $\phi(m)$ mod $m$, we say that $a$ is a primitive root mod $m$.



Eg. mod 7:

1 has order 1

2 has order 3 ($2^3 = 8 \equiv 1 \pmod 7$)

3 has order 6, so 3 is a primitive root ($\phi(7) = 6$)

4 has order 3

5 has order 6, so 5 is a primitive root ($\phi(7) = 6$)

6 has order 2

Lemma 36. Let $p$ be prime and suppose $q^e \,\|\, p - 1$ for some other prime $q$ (i.e., $q^e$ is the exact power of $q$ dividing $p - 1$). Then there's an element mod $p$ of order $q^e$.

Assuming the Lemma...

Write $p - 1 = q_1^{e_1} q_2^{e_2} \cdots q_r^{e_r}$. The Lemma says that $\exists\, g_1$ with $\mathrm{ord}_p(g_1) = q_1^{e_1}$, $g_2$ with $\mathrm{ord}_p(g_2) = q_2^{e_2}$, etc. Set $g = g_1 g_2 \cdots g_r$. So by the previous lemma above, $g$ has order $q_1^{e_1} q_2^{e_2} \cdots q_r^{e_r} = p - 1$ because all are coprime in pairs. $p - 1 = \phi(p)$, so $g$ is a primitive root mod $p$.

Proof. Consider solutions of $x^{q^e} \equiv 1 \pmod p$. Because $q^e \mid p - 1$, $x^{q^e} - 1$ has exactly $q^e$ roots mod $p$ (Corollary 31). If $a$ is any such root, then $\mathrm{ord}_p(a)$ must divide $q^e$.

So if it's not equal to $q^e$, it must divide $q^{e-1}$. Then $a$ would have to be a root of $x^{q^{e-1}} - 1 \equiv 0 \pmod p$, which has exactly $q^{e-1}$ solutions. Since $q^e - q^{e-1} > 0$, there exists $a$ such that $\mathrm{ord}_p(a) = q^e$. ■
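An added Python example, not code from the lecture, that computes $\mathrm{ord}_m(a)$ straight from the definition and then exercises the results above: the order table mod 7, Lemmas 34 and 35 as checks, the smallest universal exponent $N$ for $m = 35$ asked about in the Question (by Lemma 33 it is the lcm of all the orders), and the primitive-root construction described after Lemma 36, which multiplies together elements of order $q_i^{e_i}$ for each prime power in $p - 1$. The function names are my own.

```python
# Orders, primitive roots and the Lemma 36 construction. Added example, not
# code from the lecture; function names are my own choices.
from math import gcd


def order_mod(a, m):
    """ord_m(a): the smallest h >= 1 with a^h = 1 mod m. Requires gcd(a, m) = 1."""
    if gcd(a, m) != 1:
        raise ValueError("a must be coprime to m")
    if m == 1:
        return 1
    h, power = 1, a % m
    while power != 1:
        power = (power * a) % m
        h += 1
    return h


def order_table(m):
    """{a: ord_m(a)} for every a in 1..m-1 coprime to m."""
    return {a: order_mod(a, m) for a in range(1, m) if gcd(a, m) == 1}


def primitive_roots(m, phi_m):
    """Residues whose order is phi(m); phi_m is passed in (phi(p) = p - 1)."""
    return [a for a, h in order_table(m).items() if h == phi_m]


def smallest_universal_exponent(m):
    """Smallest N >= 1 with a^N = 1 mod m for every a coprime to m.
    By Lemma 33 this is the lcm of all the orders."""
    n = 1
    for h in order_table(m).values():
        n = n * h // gcd(n, h)
    return n


def factor(n):
    """Trial-division factorisation {q: e} with n = product of q^e."""
    factors, q = {}, 2
    while q * q <= n:
        while n % q == 0:
            factors[q] = factors.get(q, 0) + 1
            n //= q
        q += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def element_of_order(p, q, e):
    """An a with ord_p(a) = q^e, where q^e exactly divides p - 1 (Lemma 36).
    Every b^((p-1)/q^e) is a root of x^(q^e) - 1, so its order divides q^e;
    we keep the first one that is not also a root of x^(q^(e-1)) - 1."""
    qe = q ** e
    for b in range(1, p):
        a = pow(b, (p - 1) // qe, p)
        if pow(a, qe // q, p) != 1:
            return a
    raise ValueError("no element of that order found; is p prime?")


def primitive_root_from_lemma36(p):
    """Multiply elements of order q_i^(e_i) for each prime power in p - 1;
    by Lemma 35 the product has order p - 1 = phi(p)."""
    g = 1
    for q, e in factor(p - 1).items():
        g = (g * element_of_order(p, q, e)) % p
    return g


if __name__ == "__main__":
    print(order_table(7))                     # {1: 1, 2: 3, 3: 6, 4: 3, 5: 6, 6: 2}
    print(smallest_universal_exponent(35))    # the N asked for in the Question
    g = primitive_root_from_lemma36(101)
    print(g, order_mod(g, 101))               # ord_101(g) == 100
```

For $m = 7$ the table matches the list above and the primitive roots are 3 and 5. For $p = 7$ the construction picks an element of order 2 and one of order 3 and multiplies them, and Lemma 35 guarantees the product has order 6.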